{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-47709", "ASSIGNER": "cve@kernel.org", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: Clear bo->bcm_proc_read after remove_proc_entry().\n\nsyzbot reported a warning in bcm_release(). [0]\n\nThe blamed change fixed another warning that is triggered when\nconnect() is issued again for a socket whose connect()ed device has\nbeen unregistered.\n\nHowever, if the socket is just close()d without the 2nd connect(), the\nremaining bo->bcm_proc_read triggers unnecessary remove_proc_entry()\nin bcm_release().\n\nLet's clear bo->bcm_proc_read after remove_proc_entry() in bcm_notify().\n\n[0]\nname '4986'\nWARNING: CPU: 0 PID: 5234 at fs/proc/generic.c:711 remove_proc_entry+0x2e7/0x5d0 fs/proc/generic.c:711\nModules linked in:\nCPU: 0 UID: 0 PID: 5234 Comm: syz-executor606 Not tainted 6.11.0-rc5-syzkaller-00178-g5517ae241919 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:remove_proc_entry+0x2e7/0x5d0 fs/proc/generic.c:711\nCode: ff eb 05 e8 cb 1e 5e ff 48 8b 5c 24 10 48 c7 c7 e0 f7 aa 8e e8 2a 38 8e 09 90 48 c7 c7 60 3a 1b 8c 48 89 de e8 da 42 20 ff 90 <0f> 0b 90 90 48 8b 44 24 18 48 c7 44 24 40 0e 36 e0 45 49 c7 04 07\nRSP: 0018:ffffc9000345fa20 EFLAGS: 00010246\nRAX: 2a2d0aee2eb64600 RBX: ffff888032f1f548 RCX: ffff888029431e00\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000345fb08 R08: ffffffff8155b2f2 R09: 1ffff1101710519a\nR10: dffffc0000000000 R11: ffffed101710519b R12: ffff888011d38640\nR13: 0000000000000004 R14: 0000000000000000 R15: dffffc0000000000\nFS: 0000000000000000(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fcfb52722f0 CR3: 000000000e734000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n bcm_release+0x250/0x880 net/can/bcm.c:1578\n __sock_release net/socket.c:659 [inline]\n sock_close+0xbc/0x240 net/socket.c:1421\n __fput+0x24a/0x8a0 fs/file_table.c:422\n task_work_run+0x24f/0x310 kernel/task_work.c:228\n exit_task_work include/linux/task_work.h:40 [inline]\n do_exit+0xa2f/0x27f0 kernel/exit.c:882\n do_group_exit+0x207/0x2c0 kernel/exit.c:1031\n __do_sys_exit_group kernel/exit.c:1042 [inline]\n __se_sys_exit_group kernel/exit.c:1040 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1040\n x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fcfb51ee969\nCode: Unable to access opcode bytes at 0x7fcfb51ee93f.\nRSP: 002b:00007ffce0109ca8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fcfb51ee969\nRDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001\nRBP: 00007fcfb526f3b0 R08: ffffffffffffffb8 R09: 0000555500000000\nR10: 0000555500000000 R11: 0000000000000246 R12: 00007fcfb526f3b0\nR13: 0000000000000000 R14: 00007fcfb5271ee0 R15: 00007fcfb51bf160\n " } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Linux", "product": { "product_data": [ { "product_name": "Linux", "version": { "version_data": [ { "version_affected": "<", "version_name": "5c680022c4e2", "version_value": "f5059fae5ed5" }, { "version_affected": "<", "version_name": "33ed4ba73caa", "version_value": "a833da8eec20" }, { "version_affected": "<", "version_name": "aec92dbebdbe", "version_value": "5cc00913c1fd" }, { "version_affected": "<", "version_name": "10bfacbd5e8d", "version_value": "9550baada4c8" }, { "version_affected": "<", "version_name": "3b39dc2901aa", "version_value": "7a145d6ec212" }, { "version_affected": "<", "version_name": "4377b79323df", "version_value": "c3d941cc734e" }, { "version_affected": "<", "version_name": "abb0a615569e", "version_value": "770b46326442" }, { "version_affected": "<", "version_name": "76fe372ccb81", "version_value": "b02ed2f01240" }, { "version_value": "not down converted", "x_cve_json_5_version_data": { "versions": [ { "version": "6.11", "status": "affected" }, { "version": "0", "lessThan": "6.11", "status": "unaffected", "versionType": "semver" }, { "version": "4.19.323", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.4.285", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.10.227", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.15.168", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.1.113", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.6.54", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.10.13", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.11.2", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.12", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ], "defaultStatus": "affected" } } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://git.kernel.org/stable/c/f5059fae5ed518fc56494ce5bdd4f5360de4b3bc", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/f5059fae5ed518fc56494ce5bdd4f5360de4b3bc" }, { "url": "https://git.kernel.org/stable/c/a833da8eec20b51af39643faa7067b25c8b20f3e", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/a833da8eec20b51af39643faa7067b25c8b20f3e" }, { "url": "https://git.kernel.org/stable/c/5cc00913c1fdcab861c4e65fa20d1f1e1bbbf977", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/5cc00913c1fdcab861c4e65fa20d1f1e1bbbf977" }, { "url": "https://git.kernel.org/stable/c/9550baada4c8ef8cebefccc746384842820b4dff", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/9550baada4c8ef8cebefccc746384842820b4dff" }, { "url": "https://git.kernel.org/stable/c/7a145d6ec2124bdb94bd6fc436b342ff6ddf2b70", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/7a145d6ec2124bdb94bd6fc436b342ff6ddf2b70" }, { "url": "https://git.kernel.org/stable/c/c3d941cc734e0c8dc486c062926d5249070af5e4", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/c3d941cc734e0c8dc486c062926d5249070af5e4" }, { "url": "https://git.kernel.org/stable/c/770b463264426cc3c167b1d44efa85f6a526ce5b", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/770b463264426cc3c167b1d44efa85f6a526ce5b" }, { "url": "https://git.kernel.org/stable/c/b02ed2f01240b226570b4a19b5041d61f5125784", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/b02ed2f01240b226570b4a19b5041d61f5125784" }, { "url": "https://git.kernel.org/stable/c/94b0818fa63555a65f6ba107080659ea6bcca63e", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/94b0818fa63555a65f6ba107080659ea6bcca63e" } ] }, "generator": { "engine": "bippy-8e903de6a542" } }